Enlisting Students in Your Security Operations Center Functions
Universities can effectively staff their Security Operations Centers (SOCs) with students by following the successful model of Auburn University, where the SOC is led by Jay James, the SOC Director. This approach combines practical work experience with faculty or staff oversight.
The key to a successful student-led SOC lies in careful planning and execution. Here are some practices inspired by Auburn University's experience:
- Recruit students with relevant technical backgrounds: Enrol students from cybersecurity, computer science, or information technology programs to ensure they possess or can develop the necessary skills for SOC roles.
- Offer paid internships or student employment opportunities: Provide part-time roles (up to 20 hours per week) for students to work on real SOC activities such as threat analysis, incident monitoring, vulnerability scanning, and penetration testing. This hands-on experience offers them valuable exposure to security tools and practices.
- Provide structured oversight by a staff or faculty member: Assign a knowledgeable staff or faculty member to supervise student activities, maintain technical accuracy, and mentor students professionally, ensuring the SOC operates effectively while students learn.
- Cultivate partnerships with academic departments and cybersecurity education programs: Collaborate with these departments to facilitate recruitment, coordinate learning objectives, and integrate internship experiences with student coursework and research opportunities.
- Develop flexible scheduling and clear job expectations: Create a work environment that accommodates students’ academic commitments and fosters skills such as multitasking, time management, and customer service relevant to campus security operations.
- Incorporate community engagement: Involve students in broader cybersecurity resilience efforts, such as awareness workshops or assessments for local organizations, to deepen their understanding and impact.
By implementing these practices, universities can create a mutually beneficial model: students gain valuable cybersecurity experience and career preparation, while universities build a capable SOC team that supports campus and community security needs efficiently and sustainably.
James, the SOC Director at Auburn University, emphasizes the importance of identifying the primary reason for creating a SOC and developing specific metrics for success. He also advises connecting with departments that house cybersecurity classes and student organizations for recruiting students to the SOC. James works closely with professors in relevant fields to understand the skills students have and how they can build on these while working at the SOC.
Recently, Microsoft highlighted creating a SOC as one of the strategies in its cyber threat intelligence brief "Cyber Signals". The Auburn University SOC aims to provide students with hands-on experience in the field of cybersecurity, with the SOC established over the last decade by Jay James. The SOC is not directly linked to students' degrees or a graduation requirement.
- Incorporating digital learning tools and resources into the education-and-self-development curriculum of students involved in the SOC can enhance their overall learning experience and prepare them better for real-world cybersecurity scenarios.
- By collaborating with academic departments offering cybersecurity courses and self-development groups, students can gain a solid foundation of learning before transitioning to practical work in the SOC, ensuring a smooth learning process.
- Encouraging students to share their SOC experiences with their peers in class or through presentations can foster a learning environment that benefits both themselves and their fellow students, thereby promoting continuous learning and self-development.
